DerbyConCTF Flags: SourceCodeTheft

SourceCodeTheft was the next-to-last flag I found. It was worth 100 points. Here’s how I found it:

Still working on the 10.10.146.187 host, which had yielded previous flags, I had discovered this additional page on the website: http://10.10.146.187/pmc.aspx

I honestly don’t recall how I had found this page but I suspect an earlier wget to mirror the entire website pulled the file down and I saw it on my local folder and decided to visit it. It’s a simple website with a single text box for input:

Typing anything into the field (“whatever”) for instance yields a flag hidden in the error output:

I wonder if there was more here that could have been gleaned by the error output. If there is, I didn’t catch it. I was able to pull one more flag off this website before hanging my hat. If I’m right about any leads in this error output, please let me know. I’d like to hear it.